OpenStack Liberty : Keystone 設定#22015/12/23 |
Keystone に ユーザやロール、OpenStack 各コンポーネントが利用するサービスを登録しておきます。
|
|
[1] | 環境変数を事前に読み込んでおきます。 「OS_TOKEN」は keystone.conf で「admin_token」に設定した値 「OS_URL」は Keystone サーバーのホスト名またはIPアドレス |
root@dlp:~# export OS_TOKEN=admintoken root@dlp:~# export OS_URL=http://10.0.0.30:35357/v3 root@dlp:~# export OS_IDENTITY_API_VERSION=3 |
[2] | プロジェクトを作成します。 |
# admin プロジェクト作成 root@dlp:~# openstack project create --domain default --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | default | | enabled | True | | id | aec599ff5b764f56b24378f4b687fa75 | | is_domain | False | | name | admin | | parent_id | None | +-------------+----------------------------------+ # service プロジェクト作成 root@dlp:~# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 54015368c27f4e9b92094d7032228086 | | is_domain | False | | name | service | | parent_id | None | +-------------+----------------------------------+ # 設定確認 root@dlp:~# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 54015368c27f4e9b92094d7032228086 | service | | aec599ff5b764f56b24378f4b687fa75 | admin | +----------------------------------+---------+ |
[3] | ロールを作成します。 |
# admin ロール作成 root@dlp:~# openstack role create admin +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 00a6a5d4d8c24796974de26f79b73477 | | name | admin | +-------+----------------------------------+ # Member ロール作成 root@dlp:~# openstack role create Member +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 208971585fce417ab78c77c0b3fc926b | | name | Member | +-------+----------------------------------+ # 設定確認 root@dlp:~# openstack role list +----------------------------------+--------+ | ID | Name | +----------------------------------+--------+ | 00a6a5d4d8c24796974de26f79b73477 | admin | | 208971585fce417ab78c77c0b3fc926b | Member | +----------------------------------+--------+ |
[4] | ユーザーを作成します。 |
# admin ユーザー作成 (admin プロジェクト所属) root@dlp:~# openstack user create --domain default --project admin --password adminpassword admin +--------------------+----------------------------------+ | Field | Value | +--------------------+----------------------------------+ | default_project_id | aec599ff5b764f56b24378f4b687fa75 | | domain_id | default | | enabled | True | | id | 57df2f052e46428aae0c02e405f37e6f | | name | admin | +--------------------+----------------------------------+ # admin ユーザーを admin ロール に加える root@dlp:~# openstack role add --project admin --user admin admin
# 設定確認 root@dlp:~# openstack user list +----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | 57df2f052e46428aae0c02e405f37e6f | admin | +----------------------------------+-------+ |
[5] | サービス用のエントリを作成します。 |
# keystone 用サービスエントリ作成 root@dlp:~# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | fd3e8762b0c44daca819894d2cd085ad | | name | keystone | | type | identity | +-------------+----------------------------------+ # 設定確認 root@dlp:~# openstack service list +----------------------------------+----------+----------+ | ID | Name | Type | +----------------------------------+----------+----------+ | fd3e8762b0c44daca819894d2cd085ad | keystone | identity | +----------------------------------+----------+----------+ |
[6] | エンドポイントを作成します。 |
# 自ホストを定義しておく root@dlp:~# export controller=10.0.0.30
# keystone 用エンドポイント作成 (public) root@dlp:~# openstack endpoint create --region RegionOne identity public http://$controller:5000/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a56afa66c33e4d9f8ad46ef84cf6b507 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | fd3e8762b0c44daca819894d2cd085ad | | service_name | keystone | | service_type | identity | | url | http://10.0.0.30:5000/v2.0 | +--------------+----------------------------------+ # keystone 用エンドポイント作成 (internal ) root@dlp:~# openstack endpoint create --region RegionOne identity internal http://$controller:5000/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d6413fda84b447c9a35e216e18ba6eb9 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | fd3e8762b0c44daca819894d2cd085ad | | service_name | keystone | | service_type | identity | | url | http://10.0.0.30:5000/v2.0 | +--------------+----------------------------------+ # keystone 用エンドポイント作成 (admin ) root@dlp:~# openstack endpoint create --region RegionOne identity admin http://$controller:35357/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 238a0aa47af14942838faf92b6f5e152 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | fd3e8762b0c44daca819894d2cd085ad | | service_name | keystone | | service_type | identity | | url | http://10.0.0.30:35357/v2.0 | +--------------+----------------------------------+ # 設定確認 root@dlp:~# openstack endpoint list +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL | +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+ | 238a0aa47af14942838faf92b6f5e152 | RegionOne | keystone | identity | True | admin | http://10.0.0.30:35357/v2.0 | | a56afa66c33e4d9f8ad46ef84cf6b507 | RegionOne | keystone | identity | True | public | http://10.0.0.30:5000/v2.0 | | d6413fda84b447c9a35e216e18ba6eb9 | RegionOne | keystone | identity | True | internal | http://10.0.0.30:5000/v2.0 | +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+ |
Sponsored Link |
|